Hey Gareth, thank you for the reply. However, I’m sorry, I still don’t get it. I’d appreciate it, if you could elaborate a little bit. In which way am I mistaken if I say git clone https://github.com/nodejs/node.git or wget https://github.com/nodejs/node/archive/master.zip would do without any permissions at all? (Suppose you’d want to import the Node.js JavaScript runtime which doesn’t make sense, I couldn’t think of a better GitHub example repository right now.) Thank you

you’re right, in theory we don’t strictly need write permission for GitHub import of public projects, but we didn’t want to provide too many complicated options for users. If it is a security concern for you, you can use the “import link”: https://glitch.com/edit/#!/import/github/<user>/<repo>, which should work for public repositories without any write permission

As for the UI, unfortunately, as @gareth said, GitHub doesn’t provide fine-grained permissions, so we opted for a “single click” experience for users for interacting with GitHub. It’s not super-safe, but it’s the best compromise. You can always revoke your permissions, by the way:

Yes, you’re right @etamponi. Using https://api.glitch.com/project/githubImport without granted write permission to my GitHub account works, too. I should have just tried that… Sorry But thank you!

etamponi:

You can always revoke your permissions, by the way

I’m not sure how that “Revoke repo access” link is supposed to work, but for me it didn’t revoke the write permission on GitHub. I had to go to my GitHub “Authorized OAuth Apps” settings and revoke Glitch completely to revoke the write permission. (And connect it to Glitch via login, again - without write permissions.) Maybe GitHub doesn’t allow revoking of single additionally added permissions once they’ve been granted?